INFO-VAX Tue, 26 Aug 2008 Volume 2008 : Issue 467 Contents: Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS RE: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: Phase V: it's not just the UI, U know. Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: Putting my Vax in the network Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: strange tcpip issue Re: strange tcpip issue Re: What has happened to RMS ECO? [OpenVMS Alpha V8.3] What has happened to RMS ECO? [RBL] Current status? Re: [RBL] Current status? [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? [VMS] SMGRTL Issue Re: [VMS] SMGRTL Issue Re: [VMS] SMGRTL Issue Re: [VMS] SMGRTL Issue ---------------------------------------------------------------------- Date: Tue, 26 Aug 2008 02:28:40 -0400 From: "William Webb" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <8660a3a10808252328j52cbbc32w749238a946b5c0f@mail.gmail.com> On Mon, Aug 25, 2008 at 12:09 PM, Main, Kerry wrote: > -----Original Message----- >> From: Bill Gunshannon [mailto:billg999@cs.uofs.edu] >> Sent: August 25, 2008 8:21 AM >> To: Info-VAX@Mvb.Saic.Com >> Subject: Re: DEFCON 16 and Hacking OpenVMS >> >> In article <8f7d0af3-c42e-4f6b-8f5c- >> fdb560cfdcdd@x41g2000hsb.googlegroups.com>, >> jferraro writes: >> >> More seriously though: VAX 7000s in production? Has anyone looked at >> >> how much they're costing vs more recent kit? Maintenance, power, >> >> cooling and square-footage (?) on kit (including storage?) from that >> >> era won't be cheap; when I last looked, in most environments, moving >> >> to something current whilst staying with VMS (and therefore >> >> introducing relatively little risk) would typically have a very >> short >> >> payback time, maybe a year or two? How often can you get a payback >> >> time of that length? It can get more interesting if the business is >> >> organised in a way where revenue spend and capital spend come under >> >> separate stovepipes, but even that shouldn't be insurmountable. >> >> >> > It is interesting, I assure you. As it goes, several folks over the >> > years have put together business cases to port the existing COBOL >> (and >> > other) code to JAVA and the like, with the end goal in mind to >> > eliminate VMS. Costs to do so have been exorbitant and so it has made >> > more sense, so to speak, to put VMS back in the corner and forget >> > about it - and continue on our merry way. >> >> The cost of copnverting COBOL to JAVA is hardly justification for >> keeping >> VMS around. One could easily convert COBOL to COBOL on a less >> expensive >> to maintain platform. >> >> bill >> > > Yeah, and what about the mountains of supporting DCL, RMS ACL's, > SYSUAF rights identifiers, third party support utilities, licenses, > backup environments, code management systems, clustered print queues > etc that one typically has on a Cobol/Fortran/Basic/C/PL1 - OpenVMS > environment? > > Also, what about the active-active system clustering that might be > in place on the local cluster? > > Whenever someone says "lets just migrate", its like an iceberg i.e. > what you see above the water are the easy to see techie issues. > > What is below the water are the issues I mentioned above which > will sink the project because they were not properly understood > and/or estimated correctly. > > Regards > > Kerry Main > Senior Consultant > HP Services Canada > Voice: 613-254-8911 > Fax: 613-591-4477 > kerryDOTmainAThpDOTcom > (remove the DOT's and AT) > > OpenVMS - the secure, multi-site OS that just works. > > > > Place I work is migrating AlphaServers => I64 boxes. Despite the fact that they're platform-neutral, it'd take AT LEAST fifteen years for them to get all the VMS stuff that runs *outside* of the databases redone so it'd work reliably on Some Other Platform. WWWebb ------------------------------ Date: Tue, 26 Aug 2008 03:10:15 -0400 From: JF Mezei Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <02feff7c$0$2162$c3e8da3@news.astraweb.com> William Webb wrote: > Despite the fact that they're platform-neutral, it'd take AT LEAST > fifteen years for them to get all the VMS stuff that runs *outside* of > the databases redone so it'd work reliably on Some Other Platform. What many corporations have done is simply stopped developping on VMS and develop all new apps on modern non-legacy platforms. Over time individual apps end up being replaced or made redundant by new apps on a different platform, leaving VMS with less and less importance. Eventually, where there are only a couple apps left on VMS, they will decide to port them even if there is no immediate need to rewrite/update them so that the company can eliminate one platform to support. This is especially true if on old hardware that HP charges and arm and a leg to support. ------------------------------ Date: Tue, 26 Aug 2008 10:44:17 +0000 From: "Main, Kerry" Subject: RE: DEFCON 16 and Hacking OpenVMS Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5E39EA4@GVW1158EXB.americas.hpqcorp.net> > -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca] > Sent: August 26, 2008 3:10 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: DEFCON 16 and Hacking OpenVMS > > William Webb wrote: > > > Despite the fact that they're platform-neutral, it'd take AT LEAST > > fifteen years for them to get all the VMS stuff that runs *outside* > of > > the databases redone so it'd work reliably on Some Other Platform. > > What many corporations have done is simply stopped developping on VMS > and develop all new apps on modern non-legacy platforms. Over time > individual apps end up being replaced or made redundant by new apps on > a > different platform, leaving VMS with less and less importance. > > Eventually, where there are only a couple apps left on VMS, they will > decide to port them even if there is no immediate need to > rewrite/update > them so that the company can eliminate one platform to support. This is > especially true if on old hardware that HP charges and arm and a leg to > support. I love it when people throw that term "legacy" around to push their own agendas. Lets call it for what it is - "legacy" is a term that people use in a polite but derogatory manner to imply that the future direction they prefer is not that which they view as the current direction. Microsoft calls Windows 2000 a legacy platform. IBM calls AIX V4.x a legacy platform. Sun calls Solaris 9/8 legacy platforms. Does this mean that Windows, Solaris and AIX are legacy platforms? Of course not. Every platform has legacy versions, but that does not mean current OS versions of that platform are "legacy". And for the record, after many wasted $'s, there are many CIO's that end up on the street after trying to replace a "legacy" environment with a new environment based on the buzz word technology of the day (SOA, shared services, J2EE, .Net) without really understanding the resource, culture and financial impact of this change. If I wanted to stir the pot, I would say distributed computing strategies are the next legacy platforms, but I don't, so I won't. :-) Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-254-8911 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: 26 Aug 2008 07:33:04 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <6h7t0nFjm91gU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > > I am not so sure about the hardware requirement. To have any hope of reasonable performce the hardware needs to check the page access during instruction fetch, just as it does for data read or write. How could the kernel get involved in every instruction fetch, if not via hardware controls? ------------------------------ Date: 26 Aug 2008 07:34:33 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <18jta495lf6vdgoqlcjjjc1hpcrh5nv94t@4ax.com>, gerry77@no.spam.mail.com writes: > > Now that Alpha and Itanium patches were published, I'm in doubt: might I hope > that in the next few days/weeks we'll also see those much needed VAX patches > or should I start to be sad and resigned? :-P ... I know, I'm a dreamer! I saw the aptches for VAXen running 7.3 the same day I saw the Alpha and I64 patches. It's the previous version support I'm wondering about. ------------------------------ Date: 26 Aug 2008 07:39:16 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > Heck, a PDP-11 provides support for that. > Stack is in D-space. Code is in I-space... If you try to jump to the stack, you > will be executing something, but it won't be from the stack, unless you decide > to map I-space and D-space to the same memory. The PDP-11 was in many ways ahead of its time, but the 11/44 I used was the only one large enough to have different RAM spaces to map I-space and D-space to. ------------------------------ Date: 26 Aug 2008 07:45:56 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <48b2f654$0$1525$c3e8da3@news.astraweb.com>, JF Mezei writes: > > Consider also that management are unaware of those things. In Unix, they > know files are just streams of bytes and that is it. They have no > concept of indexed files, record formats etc etc etc. So they do not > consider the difficulty of migrating COBOL apps that may use all those > features to an environment that doesn't provide any of it. The UNIX systems I've used often do have full support for Fortran record I/O, COBOL record I/O, ..., and often "VAX compatable", which means they can act like they have keyed-indexed files. This, of course, is not part of the file system, it's built into the compiler library somehow, may not be compatable between languages, may include pieces of a DBMS engine, can not be read from C without knowing the internals, ... But if all you're doing is porting one app written in one language then you get what you need. ------------------------------ Date: 26 Aug 2008 13:03:18 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6hid8mFm6l8iU1@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article , Johnny Billquist writes: >> >> Heck, a PDP-11 provides support for that. >> Stack is in D-space. Code is in I-space... If you try to jump to the stack, you >> will be executing something, but it won't be from the stack, unless you decide >> to map I-space and D-space to the same memory. > > The PDP-11 was in many ways ahead of its time, but the 11/44 I used > was the only one large enough to have different RAM spaces to map > I-space and D-space to. Many of them did. I don't remember for sure but I think everything larger than the 11/24. I know my 11/44's, 11/73's and 11/93 all do. Don't think the 11/23 did, but maybe the 11/23+. I have a book at home with the whole chart of features by processor. I'll try to take a look tonite if I have time. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 26 Aug 2008 13:06:51 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6hidfbFm6l8iU2@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <48b2f654$0$1525$c3e8da3@news.astraweb.com>, JF Mezei writes: >> >> Consider also that management are unaware of those things. In Unix, they >> know files are just streams of bytes and that is it. They have no >> concept of indexed files, record formats etc etc etc. So they do not >> consider the difficulty of migrating COBOL apps that may use all those >> features to an environment that doesn't provide any of it. > > The UNIX systems I've used often do have full support for Fortran > record I/O, COBOL record I/O, ..., and often "VAX compatable", which > means they can act like they have keyed-indexed files. > > This, of course, is not part of the file system, it's built into the > compiler library somehow, may not be compatable between languages, > may include pieces of a DBMS engine, can not be read from C without > knowing the internals, ... > > But if all you're doing is porting one app written in one language > then you get what you need. Can't be any more difficult than porting COBOL from Honeywell to Univac. and we had a lot less sophisticated tools to do it with back then!! :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 26 Aug 2008 09:11:11 -0400 From: "Richard B. Gilbert" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler wrote: > In article <18jta495lf6vdgoqlcjjjc1hpcrh5nv94t@4ax.com>, gerry77@no.spam.mail.com writes: >> Now that Alpha and Itanium patches were published, I'm in doubt: might I hope >> that in the next few days/weeks we'll also see those much needed VAX patches >> or should I start to be sad and resigned? :-P ... I know, I'm a dreamer! > > I saw the aptches for VAXen running 7.3 the same day I saw the Alpha > and I64 patches. It's the previous version support I'm wondering > about. > I rather doubt that they are going to fix this vulnerability in all past versions. The currrent version certainly and the immediately prior version will almost certainly be fixed. If you want all versions back to V5.5-2 fixed, cough up some BIG BUCKS. Remember, the fixed versions must all be tested! Even though the fix may be trivial, the testing is not! ------------------------------ Date: Tue, 26 Aug 2008 09:40:09 -0400 From: "Richard B. Gilbert" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <1Pmdnfy8xKVbminVnZ2dnUVZ_qDinZ2d@comcast.com> Bill Gunshannon wrote: > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >> In article , Johnny Billquist writes: >>> Heck, a PDP-11 provides support for that. >>> Stack is in D-space. Code is in I-space... If you try to jump to the stack, you >>> will be executing something, but it won't be from the stack, unless you decide >>> to map I-space and D-space to the same memory. >> The PDP-11 was in many ways ahead of its time, but the 11/44 I used >> was the only one large enough to have different RAM spaces to map >> I-space and D-space to. > > Many of them did. I don't remember for sure but I think everything larger > than the 11/24. I know my 11/44's, 11/73's and 11/93 all do. Don't think > the 11/23 did, but maybe the 11/23+. > > I have a book at home with the whole chart of features by processor. I'll > try to take a look tonite if I have time. > > bill > > I believe the Micro 11/23 had I and D spaces. I was responsible for one briefly. The address space was entirely too limited! We replaced it with a VAX 8200. ------------------------------ Date: 26 Aug 2008 15:56:36 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <48b427b4$1@news.langstoeger.at> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >In article <18jta495lf6vdgoqlcjjjc1hpcrh5nv94t@4ax.com>, gerry77@no.spam.mail.com writes: >> >> Now that Alpha and Itanium patches were published, I'm in doubt: might I hope >> that in the next few days/weeks we'll also see those much needed VAX patches >> or should I start to be sad and resigned? :-P ... I know, I'm a dreamer! > > I saw the aptches for VAXen running 7.3 the same day I saw the Alpha > and I64 patches. It's the previous version support I'm wondering > about. Where did you saw the patches for VAX V7.3? May I have it? TIA -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: 26 Aug 2008 14:06:38 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6higveFm5a73U1@mid.individual.net> In article <1Pmdnfy8xKVbminVnZ2dnUVZ_qDinZ2d@comcast.com>, "Richard B. Gilbert" writes: > Bill Gunshannon wrote: >> In article , >> koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >>> In article , Johnny Billquist writes: >>>> Heck, a PDP-11 provides support for that. >>>> Stack is in D-space. Code is in I-space... If you try to jump to the stack, you >>>> will be executing something, but it won't be from the stack, unless you decide >>>> to map I-space and D-space to the same memory. >>> The PDP-11 was in many ways ahead of its time, but the 11/44 I used >>> was the only one large enough to have different RAM spaces to map >>> I-space and D-space to. >> >> Many of them did. I don't remember for sure but I think everything larger >> than the 11/24. I know my 11/44's, 11/73's and 11/93 all do. Don't think >> the 11/23 did, but maybe the 11/23+. >> >> I have a book at home with the whole chart of features by processor. I'll >> try to take a look tonite if I have time. >> >> bill >> >> > > I believe the Micro 11/23 had I and D spaces. I was responsible for one > briefly. The address space was entirely too limited! We replaced it > with a VAX 8200. > I have always found this an interesting comment. My first real foray into the world of Microcomputers (as a professional rather than as a hacker) was on an LSI-11/02 (Terak). I got the assigned the project because all my co-workers (mainframe programmers) said that there was no way one could do anything usefull in 28K Words of memory. I wrote a Data-entry package, a file transfer package (to upload the data- entry stuff), a program to read input from an optical scanner and a bunch of other things. I also had fun setting up the biggest Terak config any one there had ever seen. Anyone else ever try doing RT-11 COBOL with nothing but 4 8" floppies for data storage? :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 26 Aug 2008 11:06:36 -0400 From: "Richard B. Gilbert" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bill Gunshannon wrote: > In article <1Pmdnfy8xKVbminVnZ2dnUVZ_qDinZ2d@comcast.com>, > "Richard B. Gilbert" writes: >> Bill Gunshannon wrote: >>> In article , >>> koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >>>> In article , Johnny Billquist writes: >>>>> Heck, a PDP-11 provides support for that. >>>>> Stack is in D-space. Code is in I-space... If you try to jump to the stack, you >>>>> will be executing something, but it won't be from the stack, unless you decide >>>>> to map I-space and D-space to the same memory. >>>> The PDP-11 was in many ways ahead of its time, but the 11/44 I used >>>> was the only one large enough to have different RAM spaces to map >>>> I-space and D-space to. >>> Many of them did. I don't remember for sure but I think everything larger >>> than the 11/24. I know my 11/44's, 11/73's and 11/93 all do. Don't think >>> the 11/23 did, but maybe the 11/23+. >>> >>> I have a book at home with the whole chart of features by processor. I'll >>> try to take a look tonite if I have time. >>> >>> bill >>> >>> >> I believe the Micro 11/23 had I and D spaces. I was responsible for one >> briefly. The address space was entirely too limited! We replaced it >> with a VAX 8200. >> > > > I have always found this an interesting comment. My first real foray into > the world of Microcomputers (as a professional rather than as a hacker) was > on an LSI-11/02 (Terak). I got the assigned the project because all my > co-workers (mainframe programmers) said that there was no way one could do > anything usefull in 28K Words of memory. > > I wrote a Data-entry package, a file transfer package (to upload the data- > entry stuff), a program to read input from an optical scanner and a bunch > of other things. I also had fun setting up the biggest Terak config any > one there had ever seen. Anyone else ever try doing RT-11 COBOL with > nothing but 4 8" floppies for data storage? :-) > Well, my programming background is largely mainframe and VAX. I had a little experience with an IBM System/7 with a whole 8K bytes of memory. We hooked it up to an A/D converter and a numeric keypad and used it for data capture in supersonic/hypersonic wind tunnel experiments. IBM sold it to us with 4K of memory which, after loading the O/S left us with something like 300 words of memory for our application. The first thing we had to do was spring for another 4K of memory. That was replaced with a H-P 2100MXE with a whole 5 MB of disk; 2.5 fixed and 2.5 removable! We managed to run a Fortran compiler on that. The device drivers for the A/D converters were written in assembler. The HP's limited memory and address space were too limiting and we eventually wound up with a VAX 11/750 and VMS V3.6. The port from HP to VAX taught me a lot about writing portable code! ------------------------------ Date: 26 Aug 2008 11:18:26 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <48b427b4$1@news.langstoeger.at>, peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) writes: > > Where did you saw the patches for VAX V7.3? > May I have it? I saw the announcement on Eisner. ------------------------------ Date: 26 Aug 2008 11:21:09 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <6higveFm5a73U1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > > I wrote a Data-entry package, a file transfer package (to upload the data- > entry stuff), a program to read input from an optical scanner and a bunch > of other things. I also had fun setting up the biggest Terak config any > one there had ever seen. Anyone else ever try doing RT-11 COBOL with > nothing but 4 8" floppies for data storage? :-) Since the "RT" in RT-11 stands for real-time, I'd never even looked for a COBOL compiler. But 8" floppies have got to be better for this than fan-fold. ------------------------------ Date: Tue, 26 Aug 2008 09:51:01 -0700 (PDT) From: johnwallace4@yahoo.co.uk Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <05b7971f-4103-4844-a1b2-548f585b61d4@j1g2000prb.googlegroups.com> On Aug 26, 2:03 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > In article , > koeh...@eisner.nospam.encompasserve.org (Bob Koehler) writes: > > > In article , Johnny Billquist writes: > > >> Heck, a PDP-11 provides support for that. > >> Stack is in D-space. Code is in I-space... If you try to jump to the stack, you > >> will be executing something, but it won't be from the stack, unless you decide > >> to map I-space and D-space to the same memory. > > > The PDP-11 was in many ways ahead of its time, but the 11/44 I used > > was the only one large enough to have different RAM spaces to map > > I-space and D-space to. > > Many of them did. I don't remember for sure but I think everything larger > than the 11/24. I know my 11/44's, 11/73's and 11/93 all do. Don't think > the 11/23 did, but maybe the 11/23+. > > I have a book at home with the whole chart of features by processor. I'll > try to take a look tonite if I have time. > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > billg...@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include Book? 11/23 (and 11/23+, same thing in different boards or boxes), 11/24, Pro325/350 used F11 chipset, iirc no I/D space (correction from a definitive book most welcome). 11/53, 11/73, 11/83, 11/84, 11/93, 11/94 (and Pro380) used J11 chipset, with I/D space in the hardware. ------------------------------ Date: 26 Aug 2008 17:00:25 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6hir59Fm37rjU1@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <6higveFm5a73U1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: >> >> I wrote a Data-entry package, a file transfer package (to upload the data- >> entry stuff), a program to read input from an optical scanner and a bunch >> of other things. I also had fun setting up the biggest Terak config any >> one there had ever seen. Anyone else ever try doing RT-11 COBOL with >> nothing but 4 8" floppies for data storage? :-) > > Since the "RT" in RT-11 stands for real-time, I'd never even looked > for a COBOL compiler. There are lots of places that I knew that used RT-11 the same way others used CP/M. As far as I knew, RT-11 and UCSD-Pascal were the only OSes ever made available for the TERAK. > > But 8" floppies have got to be better for this than fan-fold. Unit#0: OS Unit#1: Compiler Unit#2: Sources Unit#3: Destination for objects. All clicking away and blinking to beat the band. Now that was a computer!! :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 26 Aug 2008 14:56:38 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Phase V: it's not just the UI, U know. Message-ID: In article , Rich Alderson writes: >"Richard B. Gilbert" writes: > >> Somehow, I can't get excited about a product that solves problems I >> didn't have when it was introduced, and which, ten or so years later, I >> still don't have. SMTP and POP may be "obsolete" but they have been >> delivering mail for the last 25 years or so and may be good for another >> ten or twenty years. DECnet Phase IV may be obsolete but it does the >> job I need done! > >SMTP is a bit over 25 years old, POP just over 20. > >Just keeping things straight. > SMTP - RFC 821 August 1982 see http://tools.ietf.org/html/rfc918 Though this grew out of earlier mail protocols developed during the 1970s and 1980's eg Mailbox protocol - RFC 196 - July 1971 FTP mail - RFC 458 - Feb 1973 Mail protocol - RFC 524 - June 1973 Mail Transfer Protocol - RFC 780 - May 1981 POP - RFC 918 October 1984 see http://tools.ietf.org/html/rfc918 Just keeping things straight. David Webb Security team leader CCSS Middlesex University >-- >Rich Alderson "You get what anybody gets. You get a lifetime." >news@alderson.users.panix.com --Death, of the Endless ------------------------------ Date: Tue, 26 Aug 2008 07:13:01 -0700 (PDT) From: apogeusistemas@gmail.com Subject: Putting my Vax in the network Message-ID: <873f24e5-389a-423b-a766-2a5c750a6f22@r15g2000prd.googlegroups.com> Hi: Can you tell me how put my Vax 4100 in my network? I made a reboot in this system but I=B4m getting this message: vax01> set host vax02 %SYSTEM-F-UNREACHABLE, remote node is not currently reachable ------------------------------ Date: Tue, 26 Aug 2008 11:13:25 -0400 From: "Richard B. Gilbert" Subject: Re: Putting my Vax in the network Message-ID: apogeusistemas@gmail.com wrote: > Hi: > Can you tell me how put my Vax 4100 in my network? > I made a reboot in this system but I´m getting this message: > > vax01> set host vax02 > > > %SYSTEM-F-UNREACHABLE, remote node is not currently reachable We can't tell you much until you tell us more. What sort of network do you have? Thick wire Ethernet, thinwire Ethernet, UTP Ethernet. . . ??? What networking software are you using? DECnet? TCP/IP? If the latter, which TCP/IP stack are you using. Which version. Which version of VMS? Please see http://www.catb.org/~esr/faqs/smart-questions.html ------------------------------ Date: Tue, 26 Aug 2008 15:25:36 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Putting my Vax in the network Message-ID: <00A7EAF6.EC826887@SendSpamHere.ORG> In article <873f24e5-389a-423b-a766-2a5c750a6f22@r15g2000prd.googlegroups.com>, apogeusistemas@gmail.com writes: >Hi: >Can you tell me how put my Vax 4100 in my network? >I made a reboot in this system but I=B4m getting this message: > >vax01> set host vax02 > > >%SYSTEM-F-UNREACHABLE, remote node is not currently reachable Is VAX02 defined in the namespace? -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 26 Aug 2008 16:35:54 +0100 From: "R.A.Omond" Subject: Re: Putting my Vax in the network Message-ID: <48b422de$0$90269$14726298@news.sunsite.dk> VAXman- @SendSpamHere.ORG wrote: > In article <873f24e5-389a-423b-a766-2a5c750a6f22@r15g2000prd.googlegroups.com>, apogeusistemas@gmail.com writes: >> Hi: >> Can you tell me how put my Vax 4100 in my network? >> I made a reboot in this system but I=B4m getting this message: >> >> vax01> set host vax02 >> >> >> %SYSTEM-F-UNREACHABLE, remote node is not currently reachable > > Is VAX02 defined in the namespace? Yes, it must be. She/he would get a "Remote node is unknown" error message if it weren't. $ set ho titan Remote node is not currently reachable $ set ho xxxxx Remote node is unknown ------------------------------ Date: Tue, 26 Aug 2008 08:38:16 -0700 (PDT) From: apogeusistemas@gmail.com Subject: Re: Putting my Vax in the network Message-ID: <97d196d4-70b5-47d9-96f4-a06882bbb989@i20g2000prf.googlegroups.com> On Aug 26, 12:25=A0pm, VAXman- @SendSpamHere.ORG wrote: > In article <873f24e5-389a-423b-a766-2a5c750a6...@r15g2000prd.googlegroups= .com>, apogeusiste...@gmail.com writes: > > >Hi: > >Can you tell me how put my Vax 4100 in my network? > >I made a reboot in this system but I=3DB4m getting this message: > > >vax01> set host vax02 > > >%SYSTEM-F-UNREACHABLE, remote node is not currently reachable > > Is VAX02 defined in the namespace? > > -- > VAXman- A Bored Certified VMS Kernel Mode Hacker =A0 =A0 =A0VAXman(at)TME= SIS(dot)COM > > ... pejorative statements of opinion are entitled to constitutional prote= ction > no matter how extreme, vituperous, or vigorously expressed they may be. (= NJSC) > > Copr. 2008 Brian Schenkenberger. =A0Publication of _this_ usenet article = outside > of usenet _must_ include its contents in its entirety including this copy= right > notice, disclaimer and quotations. vax01 =BB ucx sh version DEC TCP/IP Services for OpenVMS VAX Version V3.3 on a MicroVAX 3100-90 running OpenVMS V5.5-2H4 vax01 =BB ucx sh service Service Port Proto Process Address State BOOTP 67 UDP UCX$BOOTP 0.0.0.0 Enabled FTP 21 TCP UCX$FTPD 0.0.0.0 Enabled SMTP 25 TCP UCX$SMTP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP UCX$TFTP 0.0.0.0 Enabled vax01 =BB telnet vax02 %TELNET-I-TRYING, Trying ... 172.15.14.22 ------------------------------ Date: Tue, 26 Aug 2008 16:00:09 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: Putting my Vax in the network Message-ID: apogeusistemas@gmail.com wrote: > On Aug 26, 12:25 pm, VAXman- @SendSpamHere.ORG wrote: >> In article <873f24e5-389a-423b-a766-2a5c750a6...@r15g2000prd.googlegroups.com>, apogeusiste...@gmail.com writes: >> >>> Hi: >>> Can you tell me how put my Vax 4100 in my network? >>> I made a reboot in this system but I=B4m getting this message: >>> vax01> set host vax02 >>> %SYSTEM-F-UNREACHABLE, remote node is not currently reachable >> Is VAX02 defined in the namespace? >> >> -- >> VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM >> >> ... pejorative statements of opinion are entitled to constitutional protection >> no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) >> >> Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside >> of usenet _must_ include its contents in its entirety including this copyright >> notice, disclaimer and quotations. > > > > vax01 » ucx sh version > > DEC TCP/IP Services for OpenVMS VAX Version V3.3 > on a MicroVAX 3100-90 running OpenVMS V5.5-2H4 > > vax01 » ucx sh service > > Service Port Proto Process Address > State > > BOOTP 67 UDP UCX$BOOTP > 0.0.0.0 Enabled > FTP 21 TCP UCX$FTPD > 0.0.0.0 Enabled > SMTP 25 TCP UCX$SMTP > 0.0.0.0 Enabled > TELNET 23 TCP not defined > 0.0.0.0 Enabled > TFTP 69 UDP UCX$TFTP > 0.0.0.0 Enabled > vax01 » telnet vax02 > %TELNET-I-TRYING, Trying ... 172.15.14.22 Are vax01 and vax02 even *conneted* to each other ? ------------------------------ Date: Tue, 26 Aug 2008 09:01:25 -0700 From: "Tom Linden" Subject: Re: Putting my Vax in the network Message-ID: On Tue, 26 Aug 2008 08:38:16 -0700, wrote: > On Aug 26, 12:25 pm, VAXman- @SendSpamHere.ORG wrote: >> In article >> <873f24e5-389a-423b-a766-2a5c750a6...@r15g2000prd.googlegroups.com>, >> apogeusiste...@gmail.com writes: >> >> >Hi: >> >Can you tell me how put my Vax 4100 in my network? >> >I made a reboot in this system but I=B4m getting this message: >> >> >vax01> set host vax02 >> >> >%SYSTEM-F-UNREACHABLE, remote node is not currently reachable >> >> Is VAX02 defined in the namespace? >> >> -- >> VAXman- A Bored Certified VMS Kernel Mode Hacker >>      VAXman(at)TMESIS(dot)COM >> >> ... pejorative statements of opinion are entitled to constitutional >> protection >> no matter how extreme, vituperous, or vigorously expressed they may be. >> (NJSC) >> >> Copr. 2008 Brian Schenkenberger.  Publication of _this_ usenet article >> outside >> of usenet _must_ include its contents in its entirety including this >> copyright >> notice, disclaimer and quotations. > > > > vax01 » ucx sh version > > DEC TCP/IP Services for OpenVMS VAX Version V3.3 > on a MicroVAX 3100-90 running OpenVMS V5.5-2H4 > > vax01 » ucx sh service > > Service Port Proto Process Address > State > > BOOTP 67 UDP UCX$BOOTP > 0.0.0.0 Enabled > FTP 21 TCP UCX$FTPD > 0.0.0.0 Enabled > SMTP 25 TCP UCX$SMTP > 0.0.0.0 Enabled > TELNET 23 TCP not defined > 0.0.0.0 Enabled > TFTP 69 UDP UCX$TFTP > 0.0.0.0 Enabled > vax01 » telnet vax02 > %TELNET-I-TRYING, Trying ... 172.15.14.22 What is VAX02 and which services are enabled there? -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: 26 Aug 2008 11:28:38 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Putting my Vax in the network Message-ID: In article <873f24e5-389a-423b-a766-2a5c750a6f22@r15g2000prd.googlegroups.com>, apogeusistemas@gmail.com writes: > Hi: > Can you tell me how put my Vax 4100 in my network? > I made a reboot in this system but I=B4m getting this message: > > vax01> set host vax02 > > > %SYSTEM-F-UNREACHABLE, remote node is not currently reachable Well, all you've really told us is "it doesn't work" when you try a DECnet terminal connection. I could spend a long time suggesting reasons it might not work. Could you rule out a few? ------------------------------ Date: 26 Aug 2008 11:29:36 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Putting my Vax in the network Message-ID: In article <00A7EAF6.EC826887@SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes: > > Is VAX02 defined in the namespace? > I would think lack of definition would return a different error. Of course, errant definition could contribute. ------------------------------ Date: Tue, 26 Aug 2008 12:31:23 -0400 From: "Richard B. Gilbert" Subject: Re: Putting my Vax in the network Message-ID: apogeusistemas@gmail.com wrote: > On Aug 26, 12:25 pm, VAXman- @SendSpamHere.ORG wrote: >> In article <873f24e5-389a-423b-a766-2a5c750a6...@r15g2000prd.googlegroups.com>, apogeusiste...@gmail.com writes: >> >>> Hi: >>> Can you tell me how put my Vax 4100 in my network? >>> I made a reboot in this system but I=B4m getting this message: >>> vax01> set host vax02 >>> %SYSTEM-F-UNREACHABLE, remote node is not currently reachable >> Is VAX02 defined in the namespace? >> >> -- >> VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM >> >> ... pejorative statements of opinion are entitled to constitutional protection >> no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) >> >> Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside >> of usenet _must_ include its contents in its entirety including this copyright >> notice, disclaimer and quotations. > > > > vax01 » ucx sh version > > DEC TCP/IP Services for OpenVMS VAX Version V3.3 > on a MicroVAX 3100-90 running OpenVMS V5.5-2H4 > > vax01 » ucx sh service > > Service Port Proto Process Address > State > > BOOTP 67 UDP UCX$BOOTP > 0.0.0.0 Enabled > FTP 21 TCP UCX$FTPD > 0.0.0.0 Enabled > SMTP 25 TCP UCX$SMTP > 0.0.0.0 Enabled > TELNET 23 TCP not defined > 0.0.0.0 Enabled > TFTP 69 UDP UCX$TFTP > 0.0.0.0 Enabled > vax01 » telnet vax02 > %TELNET-I-TRYING, Trying ... 172.15.14.22 Alright, now show us the output of a. ucx show version, and b. ucx show service Are both machines on the same subnet: 172.... FWIW, UCX V3.3 is just barely out of the dark ages of computing! VMS V5.5-2 is the lowest version with Y2K support. The last time I looked (years ago) UCX 5.x and VMS V7.x were current. Is there some reason why you must run these antiques? UCX V3.3 is something that anyone in his right mind wants to forget. UCX V3.3 is one of the reasons that I'm no longer in my right mind!!! If you have not installed ECO 13 (at least) SMTP, and perhaps other services, will not work properly (or at all). Since UCX V3.3 has not been supported at any time in the last eight years or so, you may find it difficult to obtain a copy of ECO 13 for it! ------------------------------ Date: Tue, 26 Aug 2008 17:08:41 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Putting my Vax in the network Message-ID: <00A7EB05.52F857CB@SendSpamHere.ORG> In article <48b422de$0$90269$14726298@news.sunsite.dk>, "R.A.Omond" writes: >VAXman- @SendSpamHere.ORG wrote: >> In article <873f24e5-389a-423b-a766-2a5c750a6f22@r15g2000prd.googlegroups.com>, apogeusistemas@gmail.com writes: >>> Hi: >>> Can you tell me how put my Vax 4100 in my network? >>> I made a reboot in this system but I=B4m getting this message: >>> >>> vax01> set host vax02 >>> >>> >>> %SYSTEM-F-UNREACHABLE, remote node is not currently reachable >> >> Is VAX02 defined in the namespace? > >Yes, it must be. She/he would get a "Remote node is unknown" >error message if it weren't. > > $ set ho titan > Remote node is not currently reachable > $ set ho xxxxx > Remote node is unknown OK... should have read "properly" defined. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 26 Aug 2008 07:46:01 -0700 (PDT) From: DaveG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <439d166b-5e38-4f8a-b7d4-f8535d1f9eb8@v39g2000pro.googlegroups.com> On Aug 22, 10:56=A0am, DaveG wrote: > On Aug 22, 8:41=A0am, "P. Sture" wrote: > > > > > > > In article , > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- =A0@Send= SpamHere.ORG > > > writes: > > > > FWIW, reading the patch description text (Yes, with my specs on), t= here > > > > is nothing to indicate the severity of or need for applying this pa= tch! > > > > I'd wager that there are sites that will NEVER install this patch u= nless > > > > they see some buffer overflow in SMG. =A0Unless this patch is liste= d as a > > > > SECURITY patch, people not following what has been going on here fo= r the > > > > better part of a week will not install it. > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP! > > > I second that 100%! > > > -- > > Paul Sture > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > thingie.- Hide quoted text - > > - Show quoted text - Got a reply. Was told the SMGRTL patch will become a MUP. Will also be included as such in the next release of OpenVMS. They listened. ------------------------------ Date: Tue, 26 Aug 2008 11:11:50 -0400 From: norm.raphael@metso.com Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: This is a multipart message in MIME format. --=_alternative 00537661852574B1_= Content-Type: text/plain; charset="US-ASCII" DaveG wrote on 08/26/2008 10:46:01 AM: > On Aug 22, 10:56 am, DaveG wrote: > > On Aug 22, 8:41 am, "P. Sture" wrote: > > > > > > > > > > > > > In article , > > > koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, VAXman- > @SendSpamHere.ORG > > > > writes: > > > > > FWIW, reading the patch description text (Yes, with my specson), there > > > > > is nothing to indicate the severity of or need for applying > this patch! > > > > > I'd wager that there are sites that will NEVER install this > patch unless > > > > > they see some buffer overflow in SMG. Unless this patch is > listed as a > > > > > SECURITY patch, people not following what has been going on > here for the > > > > > better part of a week will not install it. > > > > > > Yes. the rating is INSTAL_1, but it should be a MUP! > > > > > I second that 100%! > > > > > -- > > > Paul Sture > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > thingie.- Hide quoted text - > > > > - Show quoted text - > > Got a reply. Was told the SMGRTL patch will become a MUP. Will also > be included as such in the next release of OpenVMS. > That's the next release of OpenVMS VAX, right 8-) ? > They listened. > --=_alternative 00537661852574B1_= Content-Type: text/html; charset="US-ASCII"
DaveG <david.gudewicz@abbott.com> wrote on 08/26/2008 10:46:01 AM:

> On Aug 22, 10:56 am, DaveG <david.gudew...@abbott.com> wrote:
> > On Aug 22, 8:41 am, "P. Sture" <paul.sture.nos...@hispeed.ch> wrote:
> >
> >
> >
> >
> >
> > > In article <J0TzXcxI5...@eisner.encompasserve.org>,
> > >  koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
> >
> > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>,   VAXman-
>  @SendSpamHere.ORG
> > > > writes:
> > > > > FWIW, reading the patch description text (Yes, with my specson), there
> > > > > is nothing to indicate the severity of or need for applying
> this patch!
> > > > > I'd wager that there are sites that will NEVER install this
> patch unless
> > > > > they see some buffer overflow in SMG.  Unless this patch is
> listed as a
> > > > > SECURITY patch, people not following what has been going on
> here for the
> > > > > better part of a week will not install it.
> >
> > > >    Yes.  the rating is INSTAL_1, but it should be a MUP!
> >
> > > I second that 100%!
> >
> > > --
> > > Paul Sture
> >
> > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > thingie.- Hide quoted text -
> >
> > - Show quoted text -
>
> Got a reply.  Was told the SMGRTL patch will become a MUP.  Will also
> be included as such in the next release of OpenVMS.
>

That's the next release of OpenVMS VAX, right   8-)  ?
> They listened.
>
--=_alternative 00537661852574B1_=-- ------------------------------ Date: Tue, 26 Aug 2008 08:36:04 -0700 (PDT) From: IanMiller Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <7c99f0ff-8385-4237-addb-64bc1fdc3406@w39g2000prb.googlegroups.com> On Aug 26, 3:46=A0pm, DaveG wrote: > On Aug 22, 10:56=A0am, DaveG wrote: > > > > > On Aug 22, 8:41=A0am, "P. Sture" wrote: > > > > In article , > > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- =A0@Se= ndSpamHere.ORG > > > > writes: > > > > > FWIW, reading the patch description text (Yes, with my specs on),= there > > > > > is nothing to indicate the severity of or need for applying this = patch! > > > > > I'd wager that there are sites that will NEVER install this patch= unless > > > > > they see some buffer overflow in SMG. =A0Unless this patch is lis= ted as a > > > > > SECURITY patch, people not following what has been going on here = for the > > > > > better part of a week will not install it. > > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP! > > > > I second that 100%! > > > > -- > > > Paul Sture > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > thingie.- Hide quoted text - > > > - Show quoted text - > > Got a reply. =A0Was told the SMGRTL patch will become a MUP. =A0Will also > be included as such in the next release of OpenVMS. > > They listened. Any news on a VAX version of the patch? ------------------------------ Date: Tue, 26 Aug 2008 09:19:37 -0700 (PDT) From: DaveG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <10ddfa8e-702c-4924-bc28-4c4c72293a6b@j1g2000prb.googlegroups.com> On Aug 26, 10:36=A0am, IanMiller wrote: > On Aug 26, 3:46=A0pm, DaveG wrote: > > > > > > > On Aug 22, 10:56=A0am, DaveG wrote: > > > > On Aug 22, 8:41=A0am, "P. Sture" wrote= : > > > > > In article , > > > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- =A0@= SendSpamHere.ORG > > > > > writes: > > > > > > FWIW, reading the patch description text (Yes, with my specs on= ), there > > > > > > is nothing to indicate the severity of or need for applying thi= s patch! > > > > > > I'd wager that there are sites that will NEVER install this pat= ch unless > > > > > > they see some buffer overflow in SMG. =A0Unless this patch is l= isted as a > > > > > > SECURITY patch, people not following what has been going on her= e for the > > > > > > better part of a week will not install it. > > > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP! > > > > > I second that 100%! > > > > > -- > > > > Paul Sture > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > > thingie.- Hide quoted text - > > > > - Show quoted text - > > > Got a reply. =A0Was told the SMGRTL patch will become a MUP. =A0Will al= so > > be included as such in the next release of OpenVMS. > > > They listened. > > Any news on a VAX version of the patch?- Hide quoted text - > > - Show quoted text - I didn't ask that question, nor the what of the no longer supported versions. ------------------------------ Date: Tue, 26 Aug 2008 09:27:28 -0700 (PDT) From: DaveG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: On Aug 26, 10:36=A0am, IanMiller wrote: > On Aug 26, 3:46=A0pm, DaveG wrote: > > > > > > > On Aug 22, 10:56=A0am, DaveG wrote: > > > > On Aug 22, 8:41=A0am, "P. Sture" wrote= : > > > > > In article , > > > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- =A0@= SendSpamHere.ORG > > > > > writes: > > > > > > FWIW, reading the patch description text (Yes, with my specs on= ), there > > > > > > is nothing to indicate the severity of or need for applying thi= s patch! > > > > > > I'd wager that there are sites that will NEVER install this pat= ch unless > > > > > > they see some buffer overflow in SMG. =A0Unless this patch is l= isted as a > > > > > > SECURITY patch, people not following what has been going on her= e for the > > > > > > better part of a week will not install it. > > > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP! > > > > > I second that 100%! > > > > > -- > > > > Paul Sture > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > > thingie.- Hide quoted text - > > > > - Show quoted text - > > > Got a reply. =A0Was told the SMGRTL patch will become a MUP. =A0Will al= so > > be included as such in the next release of OpenVMS. > > > They listened. > > Any news on a VAX version of the patch?- Hide quoted text - > > - Show quoted text - I just asked the what about the VAX and unsupported versions questions. When I get a reply, I'll update here. ------------------------------ Date: Tue, 26 Aug 2008 09:50:18 -0700 (PDT) From: DaveG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: On Aug 26, 11:27=A0am, DaveG wrote: > On Aug 26, 10:36=A0am, IanMiller wrote: > > > > > > > On Aug 26, 3:46=A0pm, DaveG wrote: > > > > On Aug 22, 10:56=A0am, DaveG wrote: > > > > > On Aug 22, 8:41=A0am, "P. Sture" wro= te: > > > > > > In article , > > > > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- = =A0@SendSpamHere.ORG > > > > > > writes: > > > > > > > FWIW, reading the patch description text (Yes, with my specs = on), there > > > > > > > is nothing to indicate the severity of or need for applying t= his patch! > > > > > > > I'd wager that there are sites that will NEVER install this p= atch unless > > > > > > > they see some buffer overflow in SMG. =A0Unless this patch is= listed as a > > > > > > > SECURITY patch, people not following what has been going on h= ere for the > > > > > > > better part of a week will not install it. > > > > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP! > > > > > > I second that 100%! > > > > > > -- > > > > > Paul Sture > > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > > > thingie.- Hide quoted text - > > > > > - Show quoted text - > > > > Got a reply. =A0Was told the SMGRTL patch will become a MUP. =A0Will = also > > > be included as such in the next release of OpenVMS. > > > > They listened. > > > Any news on a VAX version of the patch?- Hide quoted text - > > > - Show quoted text - > > I just asked the what about the VAX and unsupported versions > questions. =A0When I get a reply, I'll update here.- Hide quoted text - > > - Show quoted text - Answer just in: The engineers are working through the version matrix. There is a MUP in the works for VAX V7.3 which will be out shortly. My understanding is they were unable to reproduce the problem on V6.2 VAX. The fixes are being rolled out in a priority order and we will continue to work through the version matrix with the focus on supported versions. ------------------------------ Date: Tue, 26 Aug 2008 10:15:01 -0700 (PDT) From: Rich Jordan Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: On Aug 26, 11:50=A0am, DaveG wrote: > On Aug 26, 11:27=A0am, DaveG wrote: > > > > > On Aug 26, 10:36=A0am, IanMiller wrote: > > > > On Aug 26, 3:46=A0pm, DaveG wrote: > > > > > On Aug 22, 10:56=A0am, DaveG wrote: > > > > > > On Aug 22, 8:41=A0am, "P. Sture" w= rote: > > > > > > > In article , > > > > > > =A0koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > > > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, =A0 VAXman- = =A0@SendSpamHere.ORG > > > > > > > writes: > > > > > > > > FWIW, reading the patch description text (Yes, with my spec= s on), there > > > > > > > > is nothing to indicate the severity of or need for applying= this patch! > > > > > > > > I'd wager that there are sites that will NEVER install this= patch unless > > > > > > > > they see some buffer overflow in SMG. =A0Unless this patch = is listed as a > > > > > > > > SECURITY patch, people not following what has been going on= here for the > > > > > > > > better part of a week will not install it. > > > > > > > > =A0 =A0Yes. =A0the rating is INSTAL_1, but it should be a MUP= ! > > > > > > > I second that 100%! > > > > > > > -- > > > > > > Paul Sture > > > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1 > > > > > thingie.- Hide quoted text - > > > > > > - Show quoted text - > > > > > Got a reply. =A0Was told the SMGRTL patch will become a MUP. =A0Wil= l also > > > > be included as such in the next release of OpenVMS. > > > > > They listened. > > > > Any news on a VAX version of the patch?- Hide quoted text - > > > > - Show quoted text - > > > I just asked the what about the VAX and unsupported versions > > questions. =A0When I get a reply, I'll update here.- Hide quoted text - > > > - Show quoted text - > > Answer just in: > > The engineers are working through the version matrix. There is a MUP > in the works for VAX V7.3 which will be out shortly. =A0My understanding > is they were unable to reproduce the problem on V6.2 VAX. The fixes > are being rolled out in a priority order and we will continue to work > through the version matrix with the focus on supported versions. VAX/VMS V6.2 on a VS3100-30 manual test using INSTALL shared image from a nonpriv'd process blows up as predicted. The problem is present in that version. Rich ------------------------------ Date: 26 Aug 2008 07:51:27 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: strange tcpip issue Message-ID: In article <48b2f7ef$0$12374$c3e8da3@news.astraweb.com>, JF Mezei writes: > > I think that the US government maintained the OSI mandate long enough > for DEC (and I think HP and IBM) to implement their stack and then > admitted that TCPIP had become the de-facto standard that allowed > computers from any manufacturer to talk to each other (the primary > purpose of OSI). The government tried to require ISO/OSI networking in proposals before the ISO/OSI standards were finished. Then they found out that they couldn't buy it, so that allowed that TCP/IP could be in proposals instead. Then the government stopped pushing ISO/OSI all together and the vendors who had invested in it lost thier money. ------------------------------ Date: 26 Aug 2008 13:08:47 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: strange tcpip issue Message-ID: <6hidivFm6l8iU3@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <48b2f7ef$0$12374$c3e8da3@news.astraweb.com>, JF Mezei writes: >> >> I think that the US government maintained the OSI mandate long enough >> for DEC (and I think HP and IBM) to implement their stack and then >> admitted that TCPIP had become the de-facto standard that allowed >> computers from any manufacturer to talk to each other (the primary >> purpose of OSI). > > The government tried to require ISO/OSI networking in proposals > before the ISO/OSI standards were finished. Then they found out > that they couldn't buy it, so that allowed that TCP/IP could be > in proposals instead. Then the government stopped pushing ISO/OSI > all together and the vendors who had invested in it lost thier > money. And I, for one, didn't see opting to buy something that already worked over some academic (and politically driven) pipedream as "weaseling". bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 26 Aug 2008 09:29:16 -0700 (PDT) From: DaveG Subject: Re: What has happened to RMS ECO? Message-ID: <0956e7b8-5d99-4a79-8b41-ed71fd8b3ffb@v26g2000prm.googlegroups.com> On Aug 26, 11:06=A0am, pe...@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) wrote: > What has happened to the VMS83A_RMS ECO? V8 was out, then recalled (ON-HO= LD). > And then, nothing so far. What was V8 intended to fix (which is now open = yet)? > > Any insight? > > TIA > > -- > Peter "EPLAN" LANGST=D6GER > Network and OpenVMS system specialist > E-mail =A0Pe...@LANGSTOeGER.at > A-1030 VIENNA =A0AUSTRIA =A0 =A0 =A0 =A0 =A0 =A0 =A0I'm not a pessimist, = I'm a realist george dot pagliarulo at hp dot com would know. ------------------------------ Date: 26 Aug 2008 18:06:49 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: [OpenVMS Alpha V8.3] What has happened to RMS ECO? Message-ID: <48b44639$1@news.langstoeger.at> What has happened to the VMS83A_RMS ECO? V8 was out, then recalled (ON-HOLD). And then, nothing so far. What was V8 intended to fix (which is now open yet)? Any insight? TIA -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: 26 Aug 2008 17:03:44 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: [RBL] Current status? Message-ID: <48b43770@news.langstoeger.at> I just noted that some of my names used in RBL configurations are no longer there/working. I removed them (and now there is unfortunately only one left). What is the current status of RBLs? Which one do you use? TIA -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: Tue, 26 Aug 2008 09:03:01 -0700 From: "Tom Linden" Subject: Re: [RBL] Current status? Message-ID: On Tue, 26 Aug 2008 08:03:44 -0700, Peter 'EPLAN' LANGSTOeGER wrote: > I just noted that some of my names used in RBL configurations are no > longer > there/working. I removed them (and now there is unfortunately only one > left). > > What is the current status of RBLs? > Which one do you use? > > TIA > RBL domains to check: ZEN.SPAMHAUS.ORG SPAMCOP.NET LIST.DSBL.ORG -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: 26 Aug 2008 17:50:25 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? Message-ID: <48b44261$1@news.langstoeger.at> Is there a (simple) way to avoid having the security audit file filled up by security messages of the backup account using its BYPASS/READALL priv? That means, we want to see all the accesses on the system FILE access: Failure: read,write,execute,delete,control SYSPRV: read,write,execute,delete,control BYPASS: read,write,execute,delete,control READALL: read,write,execute,delete,control but not for this particular user (which makes 20-40% of the audit file)... *) Sticking UIC below MAXSYSGROUP would not make a difference, would it? *) UAF /Flag=NoAudit is not overwriting Audit settings (as /FLAG=Audit is) *) Sticking an ACL for the Backup account on *every* file is out of scope. *) Filtering the security file afterwards /SELECT= is out of scope, too. What did I miss? TIA -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: 26 Aug 2008 14:33:19 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: [VMS] SMGRTL Issue Message-ID: <48b4142f$1@news.langstoeger.at> May I again ask some questions about the recent events and my answers after browsing (but *not* reading all of) the thread here (and some kind soul of you you correct me where I'm wrong or adds an answer where I've none): Q1) Has VMS again been (allowed/invented) at an DEFCON event? A1) text goes here (Yes, at DEFCON16, 8-AUG-2008 til 10-AUG-2008 in Las Vegas) Q2) Which arguments which 'disallowed' VMS at earlier DEFCON has changed now? A2) text goes here Q3) Were a VMS security flaw found/demonstrated at DEFCON16? A3) Yes, a missing range check in SMG RTL (SMGSHR.EXE) which corrupts stack and allows one to specify an address where code continues after cmd input. Q4) What is the CVE of this SMG flaw? A4) text goes here Q5) Was this security flaw of VMS used to take over a VMS system at DEFCON? A6) No (though it could have been done via this flaw). Q6) How can this flaw be used to take over an VMS system? A6) By running (as an unprivileged user) a program installed with privileges (like INSTALL.EXE) which links to the SMGSHR.EXE and being able to jump to one's own program (loaded into memory) which is then run with privileges. Q7) Why is an unprivileged user able to run a program installed with privs? A7) Because this is design - to let unprivileged users do privileged things (like login, changing the password and much much more) without compromising the whole system. That is why it is important to have only trusted images installed (with privs). Q8) Why is an unpriv user able to run INSTALL.EXE? Why does one need to? A8) There is no need for an unprivileged user to run INSTALL.EXE One is able to run it, because VMS is after 25 years still delivered (fresh installed) with protection WORLD:RE as default and obviously no system manager secured this file after VMS installation then. Q9) Why is INSTALL.EXE installed with privileges (it is only for priv Users)? A9) text goes here Q10) Doesn't a installed privileged image like the INSTALL.EXE require the linked shareable images like the SMGSHR.EXE not also be installed? A10) Yes it does, and it is (SMGSHR.EXE is installed /OPEN/HEADER/SHARE/NOPRIV) Q11) Is INSTALL.EXE the only image which could use the SMGSHR.EXE flaw? A11) No, many - accessible for unprivileged users - images, which are installed with privileges, and are linked to this buggy SMGSHR.EXE could be used to take over the system. Eg. SYSMAN.EXE It depends on whether the privileged image requires command input via the SMG routines linked in. Q12) How many versions of OpenVMS are affected by this SMG RTL bug? A12) Text goes here (versions of decades ago are already affected, might even be a day one exploit) Q13) How do I secure my VMS system? A13) Most of all, install the (Install 1 - still not MUP - grade) SMGRTL ECO for the platform/os-version you use. But if you are on VAX or on a way too old version of VMS, please contact HP (as there are no released ECOs so far) Second, set the protections of images not to be run by the public to no WORLD access. Consider also ACLs for these files if only a few nonpriv users require them. Q14) Is the SMG RTL flaw the only VMS flaw recently found/demonstrated? A14) No, eg. a bug in the finger client of HP VMS own TCPIP stack (TCPIP$FINGER.EXE) was found. But as finger is a service rarely enabled on VMS systems, the finger flaw is far less important than the SMG RTL flaw (which affects every - unpatched - VMS system). Q15) Was the TCPIP finger client flaw found/demonstrated at DEFCON16, too? A15) text goes here TIA -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: Tue, 26 Aug 2008 16:06:16 GMT From: Rob Brown Subject: Re: [VMS] SMGRTL Issue Message-ID: Hi Peter, My answers here are also largely based on what I read here in c.o.v. Corrections are welcome, of course. On Tue, 26 Aug 2008, Peter 'EPLAN' LANGSTOeGER wrote: > Q1) Has VMS again been (allowed/invented) at an DEFCON event? > A1) text goes here (Yes, at DEFCON16, 8-AUG-2008 til 10-AUG-2008 in > Las Vegas) I think the answer here is "no." I have not heard that there was a VMS system in the "hacker's playground" (or whatever it is called) at DEFCON 16. There *was* a presentation about the VMS vulnerabilities at one of the sessions. This presentation had been on the schedule for months. I think this is different from "VMS being at DEFCON". My 2 cents. > Q2) Which arguments which 'disallowed' VMS at earlier DEFCON has > changed now? > A2) text goes here I think the "disallowed" thing referred to having a VMS system in the playground. That does not appear to have changed. > Q3) Were a VMS security flaw found/demonstrated at DEFCON16? > A3) Yes, a missing range check in SMG RTL (SMGSHR.EXE) which > corrupts stack and allows one to specify an address where code > continues after cmd input. Found? No. The flaw was found months ago. This presentation about the VMS security flaw had been scheduled for months. Demonstrated? Depends on what you mean by "demonstrated". There was a presentation with videos but no live demonstration, since there was no VMS system at the event. > Q5) Was this security flaw of VMS used to take over a VMS system at > DEFCON? > A6) No (though it could have been done via this flaw). There was no VMS system at DEFCON. > Q8) Why is an unpriv user able to run INSTALL.EXE? Why does one need > to? > A8) There is no need for an unprivileged user to run INSTALL.EXE One > is able to run it, because VMS is after 25 years still delivered > (fresh installed) with protection WORLD:RE as default and obviously > no system manager secured this file after VMS installation then. As a developer I used INSTALL LIST from time to time to see if sections of interest were installed. I'm not sure whether or not I could make a case for checking without having the privilege to "fix if necessary". > Q15) Was the TCPIP finger client flaw found/demonstrated at > DEFCON16, too? > A15) text goes here Same as my answer to question 3, above. -- Rob Brown b r o w n a t g m c l d o t c o m G. Michaels Consulting Ltd. (780)438-9343 (voice) Edmonton (780)437-3367 (FAX) http://gmcl.com/ ------------------------------ Date: Tue, 26 Aug 2008 10:09:57 -0600 From: Keith Parris Subject: Re: [VMS] SMGRTL Issue Message-ID: Peter 'EPLAN' LANGSTOeGER wrote: > Q1) Has VMS again been (allowed/invented) at an DEFCON event? A presentation on hacking OpenVMS was included as part of the conference content. OpenVMS was not involved in the Capture-The-Flag game. > Q2) Which arguments which 'disallowed' VMS at earlier DEFCON has changed now? None. The Capture-The-Flag (CTF) game rules were changed after DEFCON 9 so that all participants are required to run the same (supplied) distribution of Linux. I'm pretty sure the intent was to "level the playing field" among the participants rather than specifically to exclude OpenVMS. But some took it as "being asked not to return." (Some of us thought about running OpenVMS under simh on top of this supplied distro, with as much as possible disabled down at the Linux level.) > Q3) Were a VMS security flaw found/demonstrated at DEFCON16? Yes, a flaw in the Finger client and a buffer overflow vulnerability (which turned out to be in SMG) were discussed and an exploit demonstrated. > Q4) What is the CVE of this SMG flaw? After a quick Google search, I assume you mean Common Vulnerabilities and Exposures, http://cve.mitre.org/ I can't answer this one. > Q5) Was this security flaw of VMS used to take over a VMS system at DEFCON? I wasn't there, but I understand it was demonstrated. > A13) Most of all, install the (Install 1 - still not MUP - grade) SMGRTL ECO I got an e-mail which indicates these may be in the process of being re-released as MUPs. ------------------------------ Date: 26 Aug 2008 11:26:38 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: [VMS] SMGRTL Issue Message-ID: In article <48b4142f$1@news.langstoeger.at>, peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) writes: > May I again ask some questions about the recent events and my answers > after browsing (but *not* reading all of) the thread here (and some > kind soul of you you correct me where I'm wrong or adds an answer > where I've none): > > Q1) Has VMS again been (allowed/invented) at an DEFCON event? No. A talk about VMS was given, and snapshots of screen images, but no one claims VMS itself was there. On the other hand, probably no one allowed their laptops to be scanned for SIMH copies. > Q2) Which arguments which 'disallowed' VMS at earlier DEFCON has changed now? DEFCON limited the OS which could be brought, under the excuse that only those allowed were of interest. > Q15) Was the TCPIP finger client flaw found/demonstrated at DEFCON16, too? Yes. ------------------------------ End of INFO-VAX 2008.467 ************************